五、發明説明( A7 B7 經濟部中央標準局負工消費合作社印掣 1. 發明範圍_ " 本發明係有關於内容安全的範圍。更明確而言,本發# 係關於用以將條件存取提供給送來數位内容的系統和2 法。 2. jg 關技藝 终多年以來’對於電子系統可將視覺及/或聽覺提供每 ^户已有成長。典型上’内容供應器能以多種形式的内I 提供〜用户(例如電影、電視節目等)。當諸如以國家電賴 系、.先文員會(NTSC)或相位交替線(PAL)的類比格式來傳輕 的時候’"褒内容多少是受到保護,由於類比信號的本質。 例如,類比内容對於不法的拷貝及重新分布是麻煩的。而 j,通等所屺錄的拷貝會較原始的内容有較差的影像品 ^。在某些場合上’拷貝保護信號可加入内容,爲了要避 免由綠放影機成功的重新錄製。 在過去的數十年中,對於數位内容的要求已有成長。由 在日本東京的新力(sony)公司所提供的諸如數位衛星系统 (DSS™)的頂端安裝盒,内容是以數位格式接⑯,並在顯 示或播放之前會轉換成類比格式。此類比内容會持有如上 述的某些既有的保護本質a在轉換成類比格式之前,該數 位内容會受到編碼。 裒近,原設備製造商(OEMs)正提供間放式、可重新程弋 化的數位平而當作電子系統的部份。例如,桌上型端:: (例如,WEBTVT’係目前售於市面’以接收諸如網二: (請先閱讀背面之注意事項再^¾本頁) --裝--- 訂--- *—旅--- -4 - 尽纸張尺度適用_國國家標準(CNS ).八4规格丨.2!0><297公慶) —----- A7 B7 經濟部中央標準局—工消费合作杜印繁 五、發明説明(2 路W疋(IP) τ々、下载影像、聲音和相關的。不幸地,該 等數位平台提供硬體和軟體’包括安全性應用程式、可由 未經過可的使用者或不良的程式所觀察和修改。此威脅已 明顯威脅數位内容分布的擴充,因爲沒有方法來保護來自 未經認可的拷貝及其數位内容的内容供應器。 爲了要設法緩和數位内容的未經認可拷貝,某些電子系 統目前是使用具有可控制内容流程之可移除智慧型介面卡 的接收機來實現。》智慧型介面卡"係類似於信用卡的形 狀’但是包括取代磁條的積體電路該積體電路係提 供一或多個參數’其可用於來自遠端傳輸源所提供數位内 容解碼的鑑別和可能性。結果,智慧型介面卡是將條件存 取方法提供給實質上缓和不法存取提供給數位内容,由於 它們具有可替換的本質。 若要保護數位内容,如果下列兩其中之一條件發生,便 要適當地重新更換電子系統用户的智慧型介面卡;即是, (i)預定時間週期已過:或(Π)由每個電子系統所使用的整 體岔碼鍵控已揭露。然而’此智慧型介面卡的重新分布會 造成許多的缺點。例如,一缺點是持續更換智慧型介面卡 會提高内容供應器和用户的成本。另一缺點是當嘗試避開 電子系統數目的增加及當每年增加用户量的時候,此技術 便會增加分布成本。然而,另一缺點是許多的用户會經歷 到一旦未按時更換智慧型介面卡便會無法使用。 因此,意欲要根據毫無上述缺點的條件存取來建立電子 系統操作。 -5- 本纸張尺度適用中國國家標準(C\S ) A4規格(210X 297公釐1 n·——.H - —·1-- I* n I― II I u n 1 n n T n I ) : ______ (請先閱讀背面之注意事頊再i/vc本頁) 42 7 94 α 經濟部中喪標隼局員工消費合作社印製 A7 五、發明説明(3 ) 發明概要 在-具體實施例中’本577關於包括介面單元的系 統’而該介面單元係連接至可程式化單元。該介面單元係 包括對時間感應之鍵控。該可程式化單元-旦也包括對時 間感應i鍵控,它便會接收來自該介面單元的數位内容。 _圖式之簡單描诚 本發明的特徵和優點從下列的本發明詳細描述而變得更 顯然: 圖1係描述利用本發明的電子系統之第—具體實施例的 方塊圖。 圖2係描述gm子系統之介面單元的具體實施例。 圖3係描述圖I電子系統之可程式化單元的具體實施例。 圖4係描述藉由至少在圖丨可程式化單元所載入之防止變 更软體所使用的技術具體實施例。 圖5係描述藉營防止變更軟體所使用的另一技術之具體 實施例,以增加在防止變更軟體中所載入敏感資訊内容確 定的困難度。 圖6 A是對時間感應之鍵控(TSK)之主要載入程序的第一 具體貫施例。 圖6 B是對時間感應之鍵控(TSK)之主要載入程序的第二 具體實施例。 圖7 A係描述藉由可程式化單元來偵測不法軟體修改而提 供計數器測量的具體實施例。 圖7 B係描迷保護在該介面單元和該可程式化單元之間通 -6- ^^艮又度適用中國CNS ) [4現格(210X297公t ) (请先聞讀背面之注意事^再""本頁) • fm' ----^------1T-------^------ ^ g五、發明説明(4 A7 B7 經濟部中央標隼局貝工消費合作社印製 訊連結完整性的技術具體實施例。 〜圖7C係描述確財法的具體實施例,其係基於所建立的 零知識協定來確認可程式化單元。 圖8A係利用接收來自外部源資訊之本發明而描述該電子 系統之第二具體實施例的方塊圖。 ,圖8 B係利用將資訊傳送至外邵源之本發明而描述電子系 統之第一具體實施例的方塊圖。 圖9係利用本發明而描述電子系統的第三具體實施例之 方塊圖。 ' 較佳具體實施例之説! 本發明係有關於電子系統和方法,用以防止來自内容供 應器所可能接收存取内容之開放式、可再程式化的數位平 σ ’直到一或多個預定條件已滿足爲止。在滿足這些條件 的時候’该數位平台便是安全。應了解到某些所發表的細 即是爲了要提供對本發明的完全了解:然而,至於在技藝 中熟τι·此技術者,本發明可經由所描述的許多具體實施例 來實施。而且’眾所週知的電路並未詳細發表,爲了要避 免不必要對本發明產生模糊。 在下列的描述中,某些用語是用來描述本發明和密碼功 I的某些特徵。例如,„内容,,通常係定義爲⑴資料(例 如’視頻及語音)及/或(ii)控制資訊(例如,網際網路協定 •·ΙρΜ命令、識別符號等)。"通訊連結"係定義爲一或多個 資讯攜帶媒體(例如,電線、光纖、電纜 '匯流排路徑等) 或經由諸如紅外線(IR)和射頻(RF)信號之所建立技術的無V. Description of the invention (A7 B7 Printing by the Central Standards Bureau, Ministry of Economic Affairs and Consumer Cooperatives 1. The scope of the invention _ " The invention relates to the scope of content security. More specifically, this issue # is about the use of Take the system and method of delivering digital content. 2. jg Guan technology has been growing over the years for the electronic system to provide visual and / or auditory growth to each household. Typically, the content provider can be in many forms The internal I provides ~ users (such as movies, TV shows, etc.) when transmitting light in analog formats such as the National Telecommunications Association, the Advance Scribe Association (NTSC), or the Phase Alternating Line (PAL). '&Quot; quotContent How much is protected due to the nature of analog signals. For example, analog content is troublesome for illegal copying and redistribution. And the copy recorded by j, Tong et al. Will have worse image quality than the original content ^. On some occasions, 'copy protection signals can be added to the content in order to avoid successful re-recording by the green player. In the past few decades, the requirements for digital content have grown. The top mounting box, such as Digital Satellite System (DSS ™), provided by Sony Corporation, is connected in digital format and converted to analog format before display or playback. The analog content will be held as described above Some of the existing protection features of a are encoded before they are converted to an analog format. Nearly, original equipment manufacturers (OEMs) are offering indirect, reprogrammable digital levels as Part of the electronic system. For example, the desktop :: (For example, WEBTVT 'is currently sold on the market' to receive such as network two: (Please read the precautions on the back before ^ ¾ this page) --install- -Order --- * -Travel --- -4-Applicable to the full paper size _ National Standards (CNS). 8 4 specifications 丨. 2! 0 > < 297 public celebration) ------- A7 B7 Central Standards Bureau, Ministry of Economic Affairs-Industrial-Consumer Cooperation Du Yinfan V. Invention Description (2 Road W 疋 (IP) τ 下载, Download Video, Sound, and Related. Unfortunately, these digital platforms provide hardware and software 'including security Sexual applications, can be observed and modified by unauthorized users or unwanted programs. The expansion of digital content distribution has been clearly threatened, as there is no way to protect content providers from unauthorized copies and their digital content. To try to mitigate unauthorized copies of digital content, some electronic systems currently use Controlled content flow is achieved by the receiver of a removable smart card. "Smart card" is similar to the shape of a credit card, but includes a integrated circuit instead of a magnetic stripe. The integrated circuit provides one or more The parameter 'It can be used for identification and possibility of decoding digital content provided from a remote transmission source. As a result, smart interface cards provide conditional access methods to substantially mitigate illegal access to digital content. The essence of replacement. To protect digital content, if one of the following two conditions occurs, the smart interface card of the user of the electronic system should be properly replaced; that is, (i) the predetermined time period has elapsed: or (Π) by each electronic The overall fork code keying used by the system has been revealed. However, the redistribution of this smart interface card causes many disadvantages. For example, one disadvantage is that continuous replacement of smart interface cards can increase the cost of content providers and users. Another disadvantage is that this technique increases the cost of distribution when trying to avoid the increase in the number of electronic systems and when the number of users increases each year. However, another disadvantage is that many users will experience the inability to use the smart interface card if it is not replaced on time. Therefore, it is intended to establish an electronic system operation based on conditional access without the above disadvantages. -5- This paper size applies to China National Standard (C \ S) A4 specification (210X 297mm 1 n · ——. H-— · 1-- I * n I― II I un 1 nn T n I) : ______ (Please read the notes on the back first, and then i / vc this page) 42 7 94 α Printed by the Consumers ’Cooperative of the Ministry of Economic Affairs, Bureau of Consumers, A7 5. Description of the invention (3) Summary of the invention is in the specific embodiment 'This 577 is about a system including an interface unit' and the interface unit is connected to a programmable unit. The interface unit includes time-sensitive keying. The programmable unit-once it also includes time-sensing i-keying, it receives digital content from the interface unit. Schematic description of the features and advantages of the present invention will become more apparent from the following detailed description of the present invention: Fig. 1 is a block diagram illustrating a first embodiment of an electronic system utilizing the present invention. FIG. 2 illustrates a specific embodiment of the interface unit of the gm subsystem. FIG. 3 illustrates a specific embodiment of the programmable unit of the electronic system of FIG. FIG. 4 illustrates a specific embodiment of a technique for preventing change in software loaded at least in the programmable unit of FIG. FIG. 5 illustrates a specific embodiment of another technique used to prevent change in software to increase the difficulty of determining the content of sensitive information loaded in the change prevention software. Figure 6A is the first specific embodiment of the main loading procedure for time-sensitive keying (TSK). Fig. 6B is a second specific embodiment of the main loading procedure for time-sensitive keying (TSK). FIG. 7A illustrates a specific embodiment for providing counter measurement by detecting a software modification by a programmable unit. Figure 7 B-line depiction protection between the interface unit and the programmable unit is applicable to China's CNS again) [4Xuange (210X297mmt) (Please read the notes on the back first ^ Re- " " this page) • fm '---- ^ ------ 1T ------- ^ ------ ^ g V. Invention Description (4 A7 B7 Ministry of Economic Affairs A specific technical embodiment of the integrity of the link printed by the Central Bureau of Standardization, Shellfish Consumer Cooperative. ~ Figure 7C describes a specific embodiment of the financial confirmation method, which is based on the establishment of a zero-knowledge agreement to identify programmable units. Figure 8A is a block diagram illustrating a second specific embodiment of the electronic system by using the present invention to receive information from an external source. FIG. 8B is a first specific embodiment of an electronic system described by using the present invention to transmit information to an external source. Fig. 9 is a block diagram of a third embodiment of an electronic system using the present invention. 'Preferred embodiment! The present invention relates to an electronic system and method for preventing from the content provider Open, reprogrammable digital level σ 'of possible access to content Certain conditions have been met. When these conditions are met, 'the digital platform is secure. It should be understood that certain details are published to provide a complete understanding of the present invention: However, as far as they are skilled in the art. The skilled person, the present invention can be implemented through the many specific embodiments described. Also, 'well-known circuits have not been published in detail, in order to avoid unnecessarily obscuring the present invention. In the following description, certain terms are used to describe Certain features of the present invention and cryptographic functions. For example, "content," is generally defined as "data (such as 'video and voice') and / or (ii) control information (such as Internet Protocol • IpM commands, Identification symbol, etc. "" Communication link " is defined as one or more information-carrying media (eg, wires, optical fibers, cable's bus paths, etc.) or via signals such as infrared (IR) and radio frequency (RF) signals None of the technology established
本·尺度適财關別公P (請先閱讀背面之注意事項再轳"本頁) I— . I- -I 1 I t-- I - 訂------—線 -{ n II I -- · A7 B7 94 9 五、發明説明(5 線通訊。 關於密碼功能’ ”鍵控"是由用以編碼及/或解碼之密碼 功旎所使用的資讯。’’密碼功能”是用於編碼和解碼的所使 用的數學功能。缶碼功能範例係包括⑴諸如資料編碼標準 (DES)的對稱鍵控密碼功能及⑴)諸如Rivest、shamir、和 Adleman(RSA)的非對稱(公眾鍵控)密碼功能。”安全"用語 係指示狀態’它實際上是以計算的方式而不能夠使未經認 可的個人以非编碼格式來存取資訊,及/或已偵測到未經 認可而嘗試變更軟體(而且或許是硬體)。 此外,”數位確認"通常係定義爲用遺確認的任何資訊。 通常,此資訊係使用11確認證明,,之私人鍵控(pRKCA)的编 碼公眾鍵控,即是値得信賴的任何人或實體,以保證或贊 助該數位確認(例如,銀行、政府單位、貿易協會、原咬 備製造商等)。"數位簽入"係定義爲在公眾鍵控密碼功能 下藉由具簽入之私人鍵控的編碼資料轉換。該數位簽入是 用來證明或確認資料(亦即,確定在數位簽入之後,資料 是否未受不法的修改)的完整性。資料能原封不動的提 供’或當作由單向雜湊功能所產生的雜湊値。單向混凑 功能”是函數 '數學、或其它相關的,其係接受可變長的 内容,並將它轉換成固定長度。"單向”用語係指示並未存 在反函數,以便將固定長度的結果轉換回可變長度的内 容。 雷子系統的第一具體f施例 請即參考圖1係顯示電子系統1 〇〇的第一具體實施例的描 -8 - 本纸張尺度適用申国國家榡準(CNS :) A4規格(2丨0X297公釐 ---Ϊ.--1.-----裝-------訂—-----線 (請先閱讀背面之注f項再铲本頁) 經濟部中央標準局員工消f合作社印製 Μ Β7 五、發明説明(6 = ; = 實施例中’電子系統_包括介面單元11。 兩者能週期地使用對時間感應之鍵 例如,此週期性更新TSK 130是設計上 可=從每月或每曰键控的更新至小於每秒的 吊·工新。當然,該週期性地選取可隨時間改變 < 固 定不變。 在一具體實施例中,丁SK 13〇的特徵可作爲編碼及/或解 馬所使用的値。在另—具體實施例中,13〇可使用如 ?可更新# $串指令來實現。這些指令可以是可直行的 裎式’以形成諸如週期性載入電子節目指南之可顯示的物 體。 經濟部中央標準局員工消費合作社印裝 —連串的指令可提供解碼及/或編碼資訊,以提供鍵控 及解除資訊的功能。"解除資訊"係包括_或多個數位確 忍,其疋經由與預先載入的數位確認(參考圖4 )相比較來 確忍,而預先載入的數位確認是避免因各種不同的理由而 進—步使用TSK 130之某些可程式化單元(例如,付款過 失 '數位確認的不良使用等)。此解除資訊可放置在TSK 130中所選足的位置(例如,在最高有效位元、最低有效位 凡等)。然而,若要在傳輸期間避免將它移除,解除資訊 可經由位元運算(bitwise)變更、互斥〇r (X〇R)運算、或誤 差更正碼的放置而與解碼及/或編碼資訊相組合。 大體上,TSK 130的目的是要確保由介面單元π〇所接收 的數位格式(當作”數位内容")内容在當可程式化單元丨2〇 安全的時候而傳送给可程式化單元丨20。此可在將數位内 本紙浪尺度適用中囷國家樣车(CNS ) A4規格(210X H97公釐) 鐘濟部中央標準局負工消费合作社印製 五、發明説明(7 ) 容傳送給可程式化單元120之前一丄々 zu< W ’精由執行許多的預轉換 操作完成。該等運算的範例係包括,但並非局限或限制於 ⑴檢查在可程式化單元12〇中所預先载人的確認程式是否 未經授權而修改;(ii)確認在介面單元110和可程式化單元 〗別之間的通訊連結140是安全的;及(出)確認該可程式化 單元120 ^該等操作的更詳細描述會在下面提出。 如先前所示,輸入單元(例如,天線或數據機)15〇會從 傳輸源(在圖中未顯示)接收傳送來的數位位元流16〇,諸 如軌道衛星、電纜公司、網路、電視廣播等公司等。該輸 入單元150在構造上能從介面單元11〇(如圖所示)分開,或 在介面單元110中實現。通常,數位位元流16〇的特徵在於 擁有許多的通訊波道,而每個波道通常會傳送不同的數位 内卷。該數位内容係放置在預定的資料封包結構’而且在 對稱鍵控编碼功能,或許是公眾鍵關編碼功能下予以編 碼0 所顯示的介面單元1 10和可程式化單元12〇是由通訊連結 140所連接的分開硬體設備。通訊連結丨40可在萬用串列區 流排(USB)、鬲效率串列匯流排和類似上進行並列傳送或 串列輸送。然而’要考慮的是介面單元Η 0和可程式化單 元12 0可合併成單獨的週邊没備,諸如單獨的數位影像光 碟(DVD)播放器。 請即參考圖2 ’所顯示的係根據圖1之介面單元n 〇的具 體實施例。如圖所示,介面單元11 〇是以寬頻接收機實 現,其能夠接收,並在在數位位元流上執行操作,爲了要 、10- 本饫張足度適用中國國家標準(cis ) Λ4ϋ ( 210 X 297公董) ~ " ' 〜 I ---- —l.Ji ---- - - n I. _ n _ __ 丁------------ % U3.-在 Ά (請先聞讀背面之注意事項再栌¾本頁) 9 A7 B7 經濟部中夬標進局負工消費合作社印^ 五、發明説明(8 選取具有意欲數位内容的傳輸波道。此寬頻接收機110係 包括外鈦1 1 1,而此外殼是以較硬的材料(例如,塑膠或 金屬合金)製成。外殼1Π係設計成包括一或多個輸入/輸 出(I/O)琿。 .例如,第一輸入/輸出埠112係允許傳送來的數位位元 流,包括數位内容和可能地對時間感應之鍵控(TSK),它 們會從輸入單元15〇傳送至介面單元11〇的内部電路。第二 ,入/輸出埠113係允許資訊載入可移除的週邊設備115或 k其下載,諸如智慧型介面卡。例如,可移除的週邊設備 115可提供識別符號,其典型上是唯一指定値,爲了要指 π傳送來數位位元流16〇的數位内容是由介面單元11〇存 取。或者’可移除的週邊設備丨丨5可提供用以產生键控的 的共用値,而該鍵控是用來解碼數位内容,或用以提供控 鍵本身第二輸入/輸出琿114是將編碼的輸出提供給可程 式化單元120。 介面單元11 〇的内部電路係包括前端電路2〇〇和第一控制 益230 °如圖所示,前端電路200係包括放大電路(Amd) 210、洞讀器220、解調器(DeMOD) 230 '和分析電路240, 但並未局限或限制於此。該放大電路2 1 0是用來放大在輸 入單元1 50上所接收的任何相關的弱信號。該調諧器220係 允許由用户“調諧”至可移除週邊設備1 1 5所認可的意欲頻 道而解°周器2 3 0將數位位元流解碼成未涵蓋意欲頻率的 數位内容。該等電路是經由通訊連結260而由第一控制器 250所控制’而該第一控制器可以是微處理器、微控制 -11 - 本紙張尺度賴巾(eNS} (諸先聞讀背面之注意事項再:本頁) --#------.--.1-------- 42) Α7 Β7 來 器 來 早 的 五、發明説明(9 器、或狀態機器。 而且由第一控制器250所控制,分析電路240係接收來自 解調器230的解碼數位内容,並基於不同的特徵(視頻、聲 音、控制等)將解碼數位内容分開。此允許TSK從數位内容 摘綠’並儲存在介面單元丨1() D TSK能以編碼或非编碼的格 式來儲存,可儲存在内部記憶280中所預先載入防止修改 的敕體,或許是儲存在可移除的週邊設備115,如同在圖 中以虛線270所表示的選擇項目。而且,該數位内容(例 見頻及s吾音)能使用可程式化單元12 〇所確認的鍵控 解碼和重新編碼。如此的解碼和重新编碼能由第一控制 250或密碼硬體單元29〇和295(如圖所示)所執行的軟體 執行。或者,該數位内容能以其所編碼的格式通過介面 疋uo,如同由虛線271所表示的選擇。 ::參考。圖3係描述可程式化單元12〇的—具體實施例 二二:早元120是例如電腦之開放式、可重新程式化 手二…""個人電腦 '桌上型電腦、膝上型電腦、 如二位或具有顯示'綠製、或播放功能(例 放器)的任:出1!位錄放/i機'或數位影像光碟播 第1心 早程式化單元蘭系包括 ir: “崎-或多個記憶排❹v叫(,v,是正整 在此具體實施例中,該等記憶體排 性(NV)的記悻俨, 0丨-310„疋非揮發 TSK η◦、預先:其係包括與安全性有關的可執行程式、 、先載人的數位識別34〇、和數位信號簽入㈣。 - i I Jut I J ji -1 - II ---1— 1-· -- I I - 1—^fiJ I— ...... m^i -I. I I - !! (諳先聞讀背面之注意事項再#¾本頁) 經濟部中央嫖準局負工消费合作社印裂 本纸張尺度適用中园圉家操孕 (CNS ) Α4規格(210Χ 297公楚 A7 B7 經濟部中夬裙準局貝工消f·、合作衽印^ 未紙fj 五、發明説明(1〇 ) 在數位内容載入之前與安全有關的可執行程式"係包括 ⑴可執行的確認程式330 ’以便確認圖1的可程式化單元 120及/或介面單元110,及(Π)可執行的解碼/解碼播放程 式,其會將數位内容轉變成用以觀賞(例如,諸如MPEG2 的 Motion Pictures Expert Group "MPEG"標準)或能聽的可 接受格式°如圖所示,確認程式3 3 0是防止修改的,並與 如在圖4中所描述的TSK 130組合。數位識別34〇是用來確 認可程式化單元12 0,而且典型上係包括至少指定给可程 式化單元120的公眾鍵控(PUKPU),並使用諸如原設備製造 商(OEM)之認識許可的私人控鍵(PRKCA)來編碼。數位簽 入350係用於檢查,防止軟體威脅,而且通常係包括使用 可程式化單元1 20之私人鍵控所编碼的確認程式混凑値。 防止修改軟體 請即參考圖4,方塊圖係描述確保圖3的TSK 1 30和與安 全有關的可執行程式(例如,確認程式)3 3 0防止修改的技 術。防止修改係藉著由空間及時間的分布來達成。例如, TSK係分成次要部份4 1 0 Γ4 10m( "m”是正整値),而確該程 式330係分成許多的副程式420 r420m,其是與次要部^ 410,-410^操作;對於此描述的具體實施例而言,一次要; 份410r410m係分別指定給相對副程式42(^-42(^的每— 個。副程式420 r420m然後會執行一段時間。結果,完八的 TSK不能夠以在空間的任何單一點或在時間上的任何_ 點來觀察或修改。 注意,該等副程式420r42〇m可更進一步與不相關 «’J工作 -13- 張尺度適用中园园家標準(CNS ) A4規格(21 Οχ 297公釐) -I, I. . 奸冬 . n . . 訂 务 (請先閲讀背面之注意事項再"1:本頁)This standard is suitable for public finance (please read the precautions on the back before quoting this page) I—. I- -I 1 I t-- I-subscription -------- line- {n II I-· A7 B7 94 9 V. Description of the invention (5-wire communication. About the password function '"keying" is the information used by the password function used to encode and / or decode. "Password function "Are the mathematical functions used for encoding and decoding. Examples of code functions include: symmetric keyed cryptographic functions such as the Data Encoding Standard (DES) and ⑴) asymmetric such as Rivest, shamir, and Adleman (RSA) (Public Keying) Password function. "Security" indicates the status' It's actually a computational method that does not allow unauthorized individuals to access the information in an uncoded format, and / or has detected unauthorized attempts to change the software (And perhaps hardware). In addition, "digital confirmation" is usually defined as any information that is confirmed with a legacy. Usually, this information uses 11 confirmation certificates, the private keying (pRKCA) code of public keying, that is, any person or entity that can be trusted to guarantee or sponsor the digital confirmation (for example, bank, government unit , Trade associations, original bite manufacturers, etc.). " Digital check-in " is defined as the conversion of encoded data with private keying with sign-in under the public keying password function. This digital check-in is used to prove or confirm the integrity of the data (that is, to determine whether the data has been unlawfully modified after the digital check-in). The data can be provided intact 'or treated as a hash generated by a one-way hash function. The "one-way hash function" is a function of mathematics, or other related, which accepts variable-length content and converts it to a fixed length. The "one-way" term indicates that there is no inverse function in order to fix the Length results are converted back to variable-length content. Please refer to FIG. 1 for a detailed description of the first specific embodiment of the electronic system. Refer to FIG. 1 for a detailed description of the first specific embodiment of the electronic system -8.-This paper size applies to the China National Standard (CNS :) A4 specification ( 2 丨 0X297mm --- Ϊ .-- 1 .----- install --------- order ------ line (please read the note f on the back before shovel this page) Economy Printed by the staff of the Central Standards Bureau of the Ministry of Foreign Affairs and Cooperatives. Β7. 5. Description of the invention (6 =; = In the embodiment, 'electronic system_ includes the interface unit 11. Both can use the time-sensitive key periodically. For example, this periodic update The TSK 130 is designed to be capable of = from key update per month or month to less than one second per second. Of course, the periodic selection can be changed with time < fixed. In a specific embodiment The characteristics of Ding SK 13〇 can be used as a code for encoding and / or solution. In another-specific embodiment, 13 can be implemented using such as? Updateable # $ String instructions. These instructions can be straightforward 'Style' to form displayable objects such as periodic loading of electronic program guides. Printed by the Consumer Cooperatives of the Central Standards Bureau of the Ministry of Economic Affairs-Company The instructions can provide decoding and / or encoding information to provide the function of keying and deactivating information. &Quot; Deactivating information " includes _ or multiple digital tolerances, which are confirmed by pre-loaded digital confirmation (refer to the figure) 4) For comparison, to be sure, the pre-loaded digital confirmation is to avoid further use of certain programmable elements of TSK 130 for various reasons (for example, bad use of payment fault 'digital confirmation, etc.). This release information can be placed at the selected foot position in the TSK 130 (for example, in the most significant bit, the least significant bit, etc.) However, to avoid removing it during transmission, the release information can be bit-calculated (Bitwise) changes, mutually exclusive OR (XOR) operations, or placement of error correction codes are combined with decoding and / or encoding information. In general, the purpose of TSK 130 is to ensure that it is received by the interface unit π. The digital format (as "digital content") is transmitted to the programmable unit when the programmable unit is secure. 20. This can be applied to the national prototype vehicle in the digital paper standard. (CNS) A4 specification (210X H97 mm) Printed by the Central Standards Bureau of the Central Ministry of Standards and Labor Cooperatives. V. Invention description (7) The contents are transmitted to the programmable unit 120 before the "W" The pre-conversion operation is completed. Examples of such operations include, but are not limited to, or limited to: ⑴ Check whether the confirmation program pre-loaded in the programmable unit 120 has been modified without authorization; (ii) confirm in the interface The communication link 140 between the unit 110 and the programmable unit is secure; and (out) confirm that the programmable unit 120 ^ A more detailed description of these operations will be presented below. As shown previously, the input unit (for example, an antenna or modem) 15 will receive a transmitted digital stream 16 from a transmission source (not shown in the figure), such as an orbiting satellite, cable company, Internet, TV Broadcasting companies, etc. The input unit 150 can be separated from the interface unit 110 (as shown in the figure) in construction or implemented in the interface unit 110. Generally, the digital bit stream 16 is characterized by having many communication channels, and each channel usually transmits a different digital involution. The digital content is placed in a predetermined data packet structure and is encoded under a symmetric key coding function, perhaps a public key coding function. The displayed interface unit 1 10 and the programmable unit 12 are connected by communication. 140 connected separate hardware devices. Communication link 丨 40 can perform parallel transmission or serial transmission on universal serial bus (USB), high-efficiency serial bus and the like. However, it is to be considered that the interface unit Η 0 and the programmable unit 120 can be combined into a single peripheral device, such as a separate digital video disc (DVD) player. Please refer to FIG. 2 ′ for a specific embodiment of the interface unit n 0 according to FIG. 1. As shown in the figure, the interface unit 11 〇 is implemented as a wideband receiver, which can receive and perform operations on the digital bit stream. In order to meet the 10-degree requirements, the Chinese National Standard (cis) Λ4ϋ ( 210 X 297 public director) ~ " '~ I ---- —l.Ji ------n I. _ n _ __ Ding ------------% U3.- (Please read the precautions on the back of this page before going to this page) 9 A7 B7 Printed by the Ministry of Economic Affairs in the Bureau of Work and Consumer Cooperatives ^ V. Description of the invention (8 Select the transmission channel with the desired digital content. This The broadband receiver 110 series includes an outer titanium 1 1 1 and the casing is made of a harder material (for example, plastic or metal alloy). The casing 1 Π is designed to include one or more input / output (I / O)例如. For example, the first input / output port 112 is a digital stream that is allowed to be transmitted, including digital content and possibly time-sensitive keying (TSK), which are transmitted from the input unit 15 to the interface unit 11 〇 Internal circuit. Second, the input / output port 113 allows information to be loaded into the removable peripheral device 115 or downloaded, such as a smart interface card. For example, the removable peripheral device 115 can provide an identification symbol, which is typically the only designation of 値, in order to refer to the digital content transmitted by the digital bit stream 160, which is accessed by the interface unit 11. Or, 'removable' In addition to the peripheral equipment, 5 can be used to generate a shared key for keying, which is used to decode digital content, or to provide the second input / output of the key itself. 114 is to provide encoded output To the programmable unit 120. The internal circuit of the interface unit 110 includes the front-end circuit 200 and the first control 230 °. As shown in the figure, the front-end circuit 200 includes the amplifier circuit (Amd) 210, the hole reader 220, The demodulator (DeMOD) 230 'and the analysis circuit 240 are not limited or limited thereto. The amplifying circuit 2 1 0 is used to amplify any relevant weak signal received on the input unit 1 50. The tuner The 220 series allows users to "tune" to the desired channel recognized by the removable peripheral device 1 1 5 and resolve the weekly device 2 3 0 to decode the digital bit stream into digital content that does not cover the desired frequency. These circuits are via Communication link 260 and by the first Controlled by the controller 250, and the first controller may be a microprocessor and a micro-controller.-This paper size depends on the paper (eNS) (notes on the back of the first reading again: this page)-#- ----.--. 1 -------- 42) Α7 Β7 来来来 5. Invention Description (9 devices, or state machines. Also controlled by the first controller 250, analysis circuit The 240 series receives the decoded digital content from the demodulator 230 and separates the decoded digital content based on different characteristics (video, sound, control, etc.). This allows TSK to pick green from digital content and store it in the interface unit. 1 () D TSK can be stored in encoded or non-encoded format. It can be stored in the internal memory 280 and pre-loaded to prevent modification of the carcass. Is a selection item stored in the removable peripheral device 115, as indicated by the dashed line 270 in the figure. Moreover, the digital content (for example, frequency and sigma) can be decoded and re-encoded using the keying confirmed by the programmable unit 120. Such decoding and re-encoding can be performed by software executed by the first control 250 or the cryptographic hardware units 29o and 295 (as shown). Alternatively, the digital content can be passed through the interface 疋 uo in its encoded format, as is the selection indicated by the dashed line 271. ::reference. FIG. 3 depicts the programmable unit 120—specific embodiment two: The early element 120 is, for example, an open, reprogrammable hand of a computer ... " " Personal computer'desktop computer, laptop Computer, such as two-bit or any with display 'green system, or playback function (example player): output 1! Bit recording / playback machine or digital video disc broadcast 1st heart early stylized unit blue line includes ir: " Saki-or multiple memory rows 叫 v is called (, v, is a positive integer. In this specific embodiment, the memory row (NV) records, 0 丨 -310 „疋 non-volatile TSK η◦, in advance: It includes security-related executable programs, human-readable digital identification 34, and digital signal sign-in cards.-I I Jut IJ ji -1-II --- 1— 1- ·-II -1— ^ fiJ I— ...... m ^ i -I. II-!! (谙 Please read the precautions on the reverse side first, then # ¾This page) Printed by the Consumer Affairs Cooperative of the Central Bureau of Standards, Ministry of Economic Affairs This paper standard is applicable to Zhongyuan Family Exercise Pregnancy (CNS) A4 specification (210 × 297 Gongchu A7 B7) The Ministry of Economic Affairs of the Chinese Ministry of Economic Affairs, Bureau of Industry and Commerce, Fong, Cooperative Seal ^ Not Paper fj V. Description of the invention (1〇 ) Before the digital content is loaded, the security-related executable program " includes an executable confirmation program 330 'to confirm the programmable unit 120 and / or the interface unit 110 of FIG. 1, and (Π) executable decoding / Decode the player program, which will convert the digital content into an acceptable format for viewing (for example, Motion Pictures Expert Group such as MPEG2 " MPEG " standard) or audible acceptable ° As shown in the figure, confirm that program 3 3 0 is Prevents modification and is combined with TSK 130 as described in Figure 4. The digital identification 34 is used to identify the programmable unit 120 and typically includes a public key assigned to at least the programmable unit 120 (PUKPU), and encoded using private control keys (PRKCA) such as the OEM's Awareness License. Digital check-in 350 is used to check against software threats, and usually includes the use of a programmable unit1 The authentication program coded by the private keying of 20 is hashed. To prevent software modification, please refer to FIG. 4. The block diagram describes the TSK 1 30 and security-related executable programs (such as FIG. 3). , Confirming the program) 3 3 0 Technology for preventing modification. Preventing modification is achieved by the distribution of space and time. For example, TSK is divided into secondary parts 4 1 0 Γ4 10m (" m "is a positive integer), Indeed, the program 330 is divided into a number of subroutines 420 to 420m, which are operated with the secondary parts ^ 410, -410 ^; for the specific embodiment described here, it is secondary; 410r410m is assigned to the relative subroutine respectively Each of 42 (^-42 (^. The subroutine 420 r420m will then run for a while. As a result, TSK of Wanba cannot be observed or modified at any single point in space or at any point in time. Note that these subroutines 420r42m can be further related to irrelevant «'J work-13- Zhang scale applicable to the China Garden Standard (CNS) A4 specification (21 〇χ 297mm) -I, I.. . n.. Order (please read the notes on the back first " 1: this page)
S A7 B7 經濟部中夹標隼局員工消费合作杜印製 五、發明説明(Ί1 又錯,爲了要進一步觀察由副程式42〇i_42〇m所執行工作的 眞實本質。 圖5係描述在圖丨之可程式化單元12〇中所载入防止修改 軟體的選擇性觀點。根據此觀點,該電子系统可藉由產生 如上述與安全有關之可執行程式(例如,確認程式5〇〇【和 解密碼/解碼播放器程式50〇2)來達成防止修改。此外,該 或子系統的士·全性可藉由提供系統完整確認程式(sivp)來 進一步加強,而系統完整確認程式(SIVP)具有有許多的完 整性遇澄核心(IVKs) ’亦即’在此具體實施例中的第一 IVK(IVKl) 520和第二 IVK(IVK2) 530。 IVK1 520具有公開的外部介面,用以呼叫與安全有關之 可執行程式500!和5002的其它防止修改的安全敏感功能 (SSFs) 54(^*5402。兩IVKs係根據先前所描述之本發明的 部份及可能的模糊觀點來達成防止修改。同時,防止修 改的SSFs 54(^* 5402及(ii)IVKs 520和530係提供聯鎖可信 賴的方法。 根據聯鎖可信賴的方法,對於所描述的具體實施例而 言,防止修改的SSF 1 540 ^SSF2 5402係分別負責與安全 有關的可執行程式5 0 0丨和5 0 0 2的完整性。I V K 1 5 2 0和 1乂仄2 530係負貴3以?510的完整性。一旦確認與安全有關 之可執行程式500丨或5002的完整性,SSF1 540丨或SSF2 5402 會呼叫1乂&1 520。在響應上,1丫1〇 520會確認31乂?510的 完整性。一旦如此成功地執行,IVK1 52〇會呼叫IVK2 530,在響應上,也會確認SIVP 5 10的完整性。該等應用 14- 本紙汝尺度適用中國國家標隼(CNS ) A4規格(2I0'X 297公釐) ------^-------私衣------11------線 (请先閱讀背面之注意事項再頊寫本頁) A7 94 9 玉、發明説明(12 ) 和程式的"完整性”可經由標準的密碼措施(例如,如下所 描述的零知識協定)來檢查,其中可執行程式是與程式的 先前混凑値相混雜,並相互比較。 因此,爲了要使用與安全有關的可執行程式5 〇 〇 1、 SSF1 540丨來修改’ IVK1 520和IVK2 530必須同時修改。然 而,因爲IVK1 520和IVK2 530也由SSF2 5402及在系統上的 任何其它SSFs所使用,它需要同時使用所有其它的“以來 修改’以便设法規避聯鎖信賴的方法。 對時間感應之鍵控載入程序的具體眘 該T S K係根據岭多的程序而載入介面單元和可程式化單 元《例如,如圖6 A所示,TSK可直接載入在數位位元流能 帶(S600)外部的介面單元。在介面單元和可程式化單元 (S605)之間建立一定期間的鍵控(SESS)之後’ TSK能以安 全方式而傳送至可程式化單元。SESS可使用在圖7 C中所 描述之眾所週知的零知確認程序來建立。 然而,在TSK傳輸之前,但正常是在可程式化單元和介 面單元之間的安全通訊連結建立之後,可選擇的操作便會 執行’以決定該可程式化單元是否解除確認。此決定是基 於在送來的數位位元流或先前所傳送的數位位元流(8610) 中所包括的解除資訊。如果可程式化單元已解除確認,便 可避免TSK載入可程式化單元。否則,TSK便會以S E S S編 碼’並傳送至可程式化單元(S615和S62〇)。 TSK可儲存在如上述(S625)防止修改軟體中的可程式化 單元120。而且,TSK能夠以編碼格式或非编碼格式而儲存 -15- 本紙乐尺度適用宁國國家標準(CNS ) A4規格(2i〇x297公釐) --.— _-------批衣------1T------^ (請先閲讀背面之注4^項再"-.本頁} 經濟部中央橾準局員工消費合作社印策 42ί94 9 , Α7 Α7 _ Β7 一 •一‘ ----- —" ·— 五、發明説明(13 ) 經濟部中央標準局員工消费合作社印製S A7 B7 Printed by the staff of the Ministry of Economic Affairs of the Ministry of Economic Affairs of the People's Republic of China. 5. Production description (Ί1 is wrong, in order to further observe the true nature of the work performed by the subroutine 42〇i_42〇m. The optional viewpoint of preventing software modification is contained in the programmable unit 12 of the 丨. According to this viewpoint, the electronic system can generate an executable program related to the security as described above (for example, the confirmation program 500 [settlement Password / decode player program 50〇2) to prevent modification. In addition, the taxi or integrity of this or the subsystem can be further enhanced by providing a system integrity verification program (sivp), and the system integrity verification program (SIVP) has There are many completeness of the cores (IVKs) 'that is,' the first IVK (IVKl) 520 and the second IVK (IVK2) 530 in this embodiment. The IVK1 520 has a public external interface for calling and Security-related executable programs 500! And 5002's other security-sensitive functions (SSFs) 54 (^ * 5402) that prevent modification. The two IVKs are based on parts of the invention described previously and possible vague views to prevent modification At the same time, SSFs 54 (^ * 5402 and (ii) IVKs 520 and 530 that prevent modification are provided with interlocking and reliable methods. According to the interlocking and reliable methods, for the specific embodiments described, preventing modified SSF 1 540 ^ SSF2 5402 is responsible for the integrity of the security-related executable programs 5 0 丨 and 5 0 2 respectively. IVK 1 5 2 0 and 1 乂 仄 2 530 are worth 3 or 510 integrity? Once you confirm the integrity of the security-relevant executable program 500 丨 or 5002, SSF1 540 丨 or SSF2 5402 will call 1 乂 & 1 520. In response, 1 1 10 52 will confirm the completeness of 31 乂? 510 Once such a successful implementation, IVK1 52 will call IVK2 530, and in response, the integrity of SIVP 5 10 will also be confirmed. These applications 14- This paper applies the Chinese National Standard (CNS) A4 specification (2I0) 'X 297 mm) ------ ^ ------- Private clothing ------ 11 ------ line (Please read the precautions on the back before writing this page) A7 94 9 The "integrity of jade, invention description (12), and program" can be checked through standard cryptographic measures (for example, a zero-knowledge agreement as described below), The executable program is mixed with the previous hash of the program and compared with each other. Therefore, in order to use the safety-related executable program 501, SSF1 540 丨 to modify the 'IVK1 520 and IVK2 530 must be modified at the same time . However, because IVK1 520 and IVK2 530 are also used by SSF2 5402 and any other SSFs on the system, it needs to use all other "modifications" methods in order to avoid interlocking trust. Keyed time-sensitive load The specific procedure for entering the program is that the TSK is loaded into the interface unit and the programmable unit according to the Rondo program. For example, as shown in Figure 6A, TSK can be directly loaded outside the digital stream energy band (S600). Interface unit. After a certain period of keying (SESS) is established between the interface unit and the programmable unit (S605), TSK can be transmitted to the programmable unit in a secure manner. SESS can be used as described in Figure 7C The well-known zero-knowledge confirmation process is established. However, before TSK transmission, but normally after the secure communication link between the programmable unit and the interface unit is established, optional operations will be performed to determine the programmable Whether the deactivation unit is deconfirmed. This decision is based on the decommissioning information included in the transmitted digital bit stream or the previously transmitted digital bit stream (8610). If programmable The unit has been de-confirmed to prevent TSK from being loaded into the programmable unit. Otherwise, TSK will be coded with SESS and transmitted to the programmable unit (S615 and S62〇). TSK can be stored as described above (S625) to prevent modification Programmable unit 120 in the software. Moreover, TSK can be stored in coded format or non-coded format. -15- This paper music scale applies the Ningguo National Standard (CNS) A4 specification (2i0x297 mm) --.- _------- Approval of clothes ------ 1T ------ ^ (Please read Note 4 ^ on the back before reading "-. This page} Staff Consumption of the Central Procurement Bureau of the Ministry of Economic Affairs Cooperative cooperative policy 42ί94 9, Α7 Α7 _ Β7 One • One '----- — " ·· V. Description of the invention (13) Printed by the Consumer Cooperative of the Central Standards Bureau of the Ministry of Economic Affairs
在圖1的介面单元1 10。然而,要注意’ TSK最初會載入可 程式化單元120’並在解除檢查之後,隨後便會轉送至介 面單元110,而且如果必要,可在單元之間建立安全的通 訊連結。 另一程序係藉由來自如圖6 B所顯示傳輸源的數位傳輸而 載入TSK。TSK係包括在數位位元流(S65〇)的預定通信波 道。該介面單元會取回TSK,而且在如圖2 (S655、S660 ' 和S 6 6 5)所描述的内部記憶或可移除週邊設備中儲存之 前,可能會解碼。其次’該介面單元可將訊息傳送至可程 式化單元’以要求該可程式化單元(S67〇)所結合的數位確 認。一旦接收數位確認’可程式化單元(PUKPU)的公眾鍵 控便可獲得(S675)。隨後’ TSK能夠使用PUKPU來編碼, 而且傳送至用以解密碼的可程式化單元,而TSK會載入其 防止修改的款體(S 6 8 0和S 6 8 5)。或者,雖然並未顯示,一 定期間鍵控可克服’並在傳送至可程式化單元1 2〇之前, TSK可使用該一定期間鍵控來編碼。 運uy奐操作的具體营施例 當TSK包括在介面單元和可程式單元,但在數位内容在 L們之間傳送之觔’需滿足許多的條件。第一條件是可程 式化單元要提供計數器量度,以便偵測典型上用來獲得 TSK增盈存取的眾所週知软體策略。例如,如圖7 A所示, 一計數器量度係包括確保並未妥協處理可程式化單元(例 如’確認程式)之安全性操作的資訊完整性。這可藉由使 用一或多個數位簽入來執行D (請先閲讀背面之注意事項再#丨.本頁)The interface unit 1 10 in FIG. 1. However, it should be noted that the 'TSK is initially loaded into the programmable unit 120' and after the inspection is released, it is then forwarded to the interface unit 110, and if necessary, a secure communication link can be established between the units. Another procedure is to load TSK by digital transmission from a transmission source as shown in Figure 6B. The TSK system includes a predetermined communication channel in a digital bit stream (S650). The interface unit will retrieve the TSK and may decode it before internal memory as shown in Figure 2 (S655, S660 'and S 6 65) or storage in removable peripherals. Secondly, 'the interface unit can send a message to the programmable unit' to request the digital confirmation combined with the programmable unit (S67). Once the digital confirmation is received, the public keying of the programmable unit (PUKPU) is obtained (S675). ‘TSK can then be encoded using PUKPU and transmitted to the programmable unit used to decrypt the cipher, and TSK loads its variants that prevent modification (S 680 and S 6 8 5). Alternatively, although not shown, a certain period of keying can be overcome 'and TSK can use the certain period of keying to encode before transmitting to the programmable unit 120. Specific examples of this operation. When TSK is included in the interface unit and the programmable unit, but the digital content transmission between the L’ s must meet many conditions. The first condition is that the programmable unit provides counter metrics to detect well-known software strategies that are typically used to gain TSK gain access. For example, as shown in Figure 7A, a counter metric includes information integrity that ensures that the security operations of a programmable unit (such as a 'confirmation program') are not compromised. This can be performed by using one or more digital check-ins (please read the notes on the back before # 丨. This page)
• - -—-I J —^ϋ ui^i up— m^i•--—- I J — ^ ϋ ui ^ i up— m ^ i
訂--------^ I _—I -16- 9'4 螬 A7 B7 五、 發明説明(14 例如,在可程式化單元的製造(時間1)期間,確認程式 7〇〇可輸入單向的雜湊功能7〇5,以產生雜湊値7〗〇。此混 凑値71G能由結合可程式化單^的私人鍵控(pRKpu) 715做 數位簽入,以產生也在圖3中顯示的數位簽入35〇。在週期 ί"生地執行確涊知式7〇〇(例如,在電源啓動期間)之前,在 執行(時間2 )時間上,該單向混凑功能7 〇 5是由可程式化單 元所使用,以便產生結果資料72〇。該結果資科72〇隨後會 與所獲得的數位簽入350有關的混湊値7〖〇相比較,用以使 用公眾鍵控(PUKPU) 725來解碼數位簽入350。如果匹配, 確認程式700並不會修改。如果有差異,確認程式7〇〇便會 ^改。這會使介面單元避免將數位内容傳送至可程式化單 元。 關於保叕通訊連結140的完整性,如圖7 Β所示,一定期 間鍵控(SESS)能在介面單元(例如,圖2的第一控制器25〇) 和可程式化單元(例如,圖3的第二控制器3〇…的控制電路 <間協調。如此的協調係包括可程式化單元,其係將圖3 的預先載入數位確認340傳送至介面單元。該數位識別34〇 係包括與可程式化單元之第二控制器(pUKPU) 725有關的 公眾鍵控。該數位確認340係使用與確認識別(例如,〇EM 公眾鍵控)有關的眾所週知公眾鍵控(PUkcA) 730的介面單 元來解碼。一旦獲得PUKPU 72S,該介面單元便可產生一 定期間鍵控(SESS) 735,並使用PUKPU來编碼SESS 735, 以在傳送至可程式化單元之前來產生编碼期間键控 ME(SESS)PUKPU” 740。該可程式化單元能藉由使用其私人 -17 - 本紙張尺度中國國家標準(CNS ) 見格(2I0X 29?公楚 -----------赛 ----------1T------^ (請先閱讀背面之注意事項再填爲本頁) 經濟部中央榡準局貝工消費合作衽印製 經濟部中央標準局員工消費合作社印製 ^ 1 94 9 A7 _____B7 五、發明説明(π ) 鍵控(PRKPU) 715 來解碼 E(SESS)PUKPU 740而取回 SESS。 此一疋期間鍵技能儲存在防止修改的軟體中,以避免妥協 處理。 有許多能用來認證可程式化單元120的陣列方法.一眾 所週知的確證方法係基於如通常在圖7 c中顯示的零知識 協定。在此具體實施例中,介面單元11〇會將訊息?5〇傳送 至要求在防止修改軟體中載入TSK混湊値之可程式化單 疋。響應上,可程式化單元120是在TSK 755上執行單向混 凑功能’以產生混湊値760 ’並將雜湊値760送回到介面單 几110。然後,介面單元110會在其TSK 765上執行單向雜 湊功能,以產生結果770,並將雜湊値760與結果77〇相比 較。如果該等値比較’可程式化單元12〇便能接收數位内 容,因爲兩單元持有相同的TSKs。如果該等値不同,該數 位内容便可避免載入可程式化單元丨2〇。 電子系統的第二具體實施例 請即參考圖8 A和8 B係顯示電子系統800的具體實施例。 如圖8A所示,電子系統8〇〇係包括可程式化單元81〇和介 面單元820r820K( "k"是正整數値)。此電子系統8〇〇係不同 於圖1的電子系統1〇〇 β —區別是可程式化單元81〇能夠支 援來自多重介面單元820「820k的通信。該等介面單元的範 例係包括,而並非受限或限制於⑴寬頻接收機82〇〖、(ii)直 接從内容供應器來接收數位内容的DVD播放器820,、(iii) 計算及儲存數位内容成本的儀表82〇3 ’而數位内容係提供 給可程式化單元、及/或(iv)網路設備82〇κ,以便建立 -18- (請先閱讀背面之注意事項再續寫本頁) -------- *1τ----1 ----__1 i*ln M --. 本紙張尺度適用中國國家椁华( CNS ) A4規格(:;0χ 297公釐) 94 2 A7 B7 五、發明説明(Ί6 經濟部中夬標準局員工消費合作社印製 與大區域網路(WAN)、區域網路(LAN)、或任何其它類型 網路的連接。網路設備的範例係包括丨p電話設備。 第一區別係包括諸如Dongles的認證特殊硬體(ash)裝置 830r83〇K。每個ASH裝置83(^-830〆$連接至相對介面單元 通信埠,並指定預定的識別値。結果,介面單 元820r 820κ及其相對的ASH裝置83〇ι_83〇κ能藉由如果數位 内容與所選定的識別値有關而避免下載數位内容,以控制 將數位内容流入可程式化單元8 1 〇 ^ 在成功地執行各種不同操作之後,數位内容可經由所選 疋的介面早兀(例如,介面單元82〇1)而提供給可程式化單 疋810。首先,可程式化單元81〇會内部檢查其間的各種不 同的ί玉式疋否热需經由雜凑値比較的確認來修改。其次’ 在所選定的介面單元82〇1和可程式化單元81〇之間的安全 通訊連結840,會建立。再者,可程式化單元81{)會確認, 以確保嘗試並未產生錯誤地存取該數位内H等操作可 依上述執行。 關於圖8B,電子系统8〇〇係支援雙向的通信。特別是, 電子系統800之可程式化單元81()係響應於事件而將資 送至分布的通訊連結(例如,電話線、網路等)。例如 件可包括條件’其中可程式化單元m會妨礙接收取,以 便解碼所下載的内容,諸如未成功地確認解碼 必要鍵控付款。 賢& 第三具體青 請即參考圖9係顯示電予系統_第三具體實” (請先閱讀背面之注意事項再蜂寫本頁) 裝 訂 威 __ - 19 - 本祕尺 ,家辟(CNS)------- 經濟'部中央標準局員工消f合作社印11 9 t# A? --------B7 五、發明説明(17 ) 此具體實施例申,電子系統900係包括介面單元91〇和可程 式化單元920。介面單元91〇能使用如圖2所示的數據機或 黑線能力而配置成接收機。然而,取代將認證特殊硬體 (ASH)裝置連接至介面單元91〇 ’可程式化單元92〇會改 變’以包括如下所述的硬體處理遲輯93〇。 該硬體處理邏輯930係包括至少處理器和非揮發性記憶 體’它們係包括在單一的積體電路.包裝或多重的晶片包 裝。一旦將TSK下載至可程式化單元92〇 , TSK會載入在硬 體處理邏輯930中所包括的非揮發性記憶。因此,在將來 自介面單元910的數位内容傳送至可程式化單元92〇之前, 可程式化單元920能以如在圖7所描述來確認,其中與安全 有關的可執行程式會防止修改,但是確認會在硬體處理邏 輯9 3 0的内部來執行。 在本發明係參考所描述的具體實施例予以説明的時候, 此描述並非是限制。所描述的具體實施例及本發明的其它 具體實施例的各種不同修改,這對於本發明所屬技藝中熟 希此技術者能夠明白,其可視爲是在本發明的精神和範圍 内。 -20 - 本紙狀纽;?! fmm CN:S} 291 (請先閲讀背面之注意事項再^¾本頁) ---装------訂------.諌 1 1· n^— .mf .Order -------- ^ I _-I -16- 9'4 螬 A7 B7 V. Description of the invention (14 For example, during the manufacture of the programmable unit (time 1), confirm that the program 700 Enter the one-way hash function 705 to generate a hash 値 7〗. This hash 値 71G can be digitally checked in by a private keying (pRKpu) 715 combined with a programmable single key ^ to generate The digital sign-in shown in 35. The one-way hash function 7 0 5 at the execution (time 2) time before the cycle of the "live place execution confirmation method 70" (for example, during power-on). It is used by the programmable unit to generate the result data 72. This result asset 72 is then compared to the hash 有关 7 〖〇 related to the digital sign-in 350 obtained for the use of public keying ( PUKPU) 725 to decode the digital check-in 350. If they match, the confirmation program 700 will not be modified. If there is a difference, the confirmation program 700 will be modified. This will prevent the interface unit from transmitting the digital content to the programmable unit. Regarding the integrity of the communication link 140, as shown in FIG. 7B, the key is keyed (SESS) for a certain period of time. Coordination between the control unit < of the interface unit (e.g., the first controller 25 of FIG. 2) and the programmable unit (e.g., the second controller 30 of FIG. 3). Such coordination includes programmability Unit, which transmits the pre-loaded digital confirmation 340 of Figure 3 to the interface unit. The digital identification 34 includes public keying related to the second controller (pUKPU) 725 of the programmable unit. The digital confirmation 340 It is decoded using the well-known public keying (PUkcA) 730 interface unit related to confirmation identification (for example, OEM public keying). Once PUKPU 72S is obtained, the interface unit can generate a certain period keying (SESS) 735, And use PUKPU to encode SESS 735 to generate the keyed ME (SESS) PUKPU ”740 during encoding before transmitting to the programmable unit. The programmable unit can use its private-17-this paper size Chinese National Standards (CNS) See the grid (2I0X 29? Gongchu ----------- Sai --------- 1T ------ ^ (Please read the first (Notes are re-filled on this page.) Printed by the Consumer Bureau of the Standard Bureau ^ 1 94 9 A7 _____B7 V. Description of Invention (π) Keying (PRKPU) 715 to decode E (SESS) PUKPU 740 and retrieve SESS. During this period, key skills are stored in software that prevents modification There are many array methods that can be used to authenticate the programmable unit 120. A well-known validation method is based on a zero-knowledge agreement as shown generally in Figure 7c. In this embodiment, the interface unit 110 will send a message? 50. Send to a programmable order requesting that the TSK hash be loaded into the modification software. In response, the programmable unit 120 performs a one-way hash function on the TSK 755 to generate a hash 値 760 'and returns the hash 値 760 to the interface table 110. The interface unit 110 then performs a one-way hash function on its TSK 765 to produce a result 770 and compares the hash 値 760 to the result 770. If the 'comparison' programmable unit 120 can receive digital content, because both units hold the same TSKs. If the differences are different, the digital content can be prevented from being loaded into the programmable unit. Second Embodiment of Electronic System Please refer to FIGS. 8A and 8B, which show a specific embodiment of the electronic system 800. As shown in FIG. 8A, the electronic system 800 includes a programmable unit 810 and an interface unit 820r820K (" k " is a positive integer 値). This electronic system 800 is different from the electronic system 100β of FIG. 1-the difference is that the programmable unit 810 can support communication from multiple interface units 820 "820k. Examples of such interface units include, but are not Restricted or limited to ⑴Broadband receiver 820, (ii) DVD player 820 that receives digital content directly from the content provider, (iii) Meter 8203 'to calculate and store the cost of digital content, and digital content It is provided to the programmable unit and / or (iv) the network device 82〇κ in order to establish -18- (Please read the notes on the back before continuing on this page) -------- * 1τ ---- 1 ----__ 1 i * ln M-. The size of this paper is applicable to China National Standards (CNS) A4 specifications (:; 0 × 297 mm) 94 2 A7 B7 V. Description of invention (Ί6 Ministry of Economic Affairs) China Standards Bureau ’s consumer cooperative prints connections to large area networks (WAN), local area networks (LAN), or any other type of network. Examples of network equipment include telephone equipment. The first difference is Includes certified special hardware (ash) devices such as Dongles 830r83K. 83 (^ -830〆 $) per ASH device Connects to the communication port of the interface unit and assigns a predetermined identification card. As a result, the interface unit 820r 820κ and its corresponding ASH device 83〇ι_83〇κ can avoid downloading digital content if the digital content is related to the selected identification card In order to control the flow of digital content into the programmable unit 8 1 〇 ^ After successfully performing various operations, the digital content can be provided to the programmable through the selected interface (for example, interface unit 8201). Single 810. First, the programmable unit 810 will internally check whether the various different jade styles of heat need to be modified through the confirmation of the hash comparison. Secondly, in the selected interface unit 8201 and may The secure communication link 840 between the programming units 810 will be established. Furthermore, the programmable unit 81 {) will confirm to ensure that attempts to access the H in the digits without error can be performed as described above. Regarding FIG. 8B, the electronic system 800 supports bidirectional communication. In particular, the programmable unit 81 () of the electronic system 800 sends data to a distributed communication link in response to an event (for example, , Telephone line, internet, etc.) For example, the condition may include the condition 'where the programmable unit m would prevent reception to be decoded in order to decode the downloaded content, such as failing to successfully confirm the necessary keyed payment for decoding. Xian & Third specific Please refer to Figure 9 for the display of the electric power system _ the third concrete reality "(please read the precautions on the back before writing this page) Binding __-19-This ruler, Jia Pi (CNS) --- ---- Staff of the Central Standards Bureau of the Ministry of Economic Affairs, Cooperative Press 11 9 t # A? -------- B7 V. Description of the Invention (17) This specific example applies that the electronic system 900 includes an interface unit 91〇 and programmable unit 920. The interface unit 91 can be configured as a receiver using a modem or a black line capability as shown in FIG. 2. However, instead of connecting an Authenticated Special Hardware (ASH) device to the interface unit 91 °, the 'programmable unit 92 ° will change' to include a hardware processing delay 93 ° as described below. The hardware processing logic 930 includes at least a processor and non-volatile memory. They are included in a single integrated circuit, package or multiple chip package. Once the TSK is downloaded to the programmable unit 92, the TSK is loaded into the non-volatile memory included in the hardware processing logic 930. Therefore, before transmitting the digital content from the interface unit 910 to the programmable unit 92, the programmable unit 920 can be confirmed as described in FIG. 7, where the security-related executable program prevents modification, but Confirmation is performed inside the hardware processing logic 930. When the present invention is described with reference to the specific embodiments described, this description is not limiting. Various modifications of the described specific embodiments and other specific embodiments of the present invention will be apparent to those skilled in the art to which the present invention pertains and can be regarded as within the spirit and scope of the present invention. -20-This paper-like button;?! Fmm CN: S} 291 (Please read the precautions on the back before ^ ¾ this page) --------------------------- Order · N ^ — .mf.